Best Effort SRTP
Phil Zimmermann, Alan Johnston
rtpsec BOF, IETF-66, July 10, 2006


Without Best Effort SRTP
- I need to know if you support secure media before I send you an INVITE :-(
- If I choose incorrectly, the session fails completely. :-(
- If you have three devices and only one supports secure media, when I call you securely, only that phone will ever ring. :-(
- Adoption of SRTP will require a step function - everyone must simultaneously support it or else bad things will happen to the early adopters :-(

Without Best Effort: Call Flow
   Secure UA -> Non-Secure UA: INVITE (m=SAVP)
   Non-Secure UA -> Secure UA: 400 Not Supported
   Secure UA -> Non-Secure UA: ACK
   Failed Session!

Why is this true?
- SRTP currently can only be used with the Secure RTP profile (SAVP)
- SDP offer/answer can negotiate many things, but not RTP profiles
- a=keymgt and a=crypto cannot be used with normal AVP m= media lines

Requirements
- The ability to transition from few devices supporting secure media to (hopefully) all devices supporting secure media.
- Caller is willing to accept a non-secure media session during this transition period
- Caller does not need to know if callee supports secure media.
- Work with forking and early media
- Must be backwards compatible

Signaling Discovery Mechanisms
- Approaches
   – Try to retrofit SDP to allow negotiation of RTP profiles (draft-andreasen-mmusic-sdp-capability-negotiation-00.txt)
   – Allow SRTP key management attributes in AVP profiles
- Signaling is used to indicate that SRTP might be used.
   – Signaling can be useful for authentication, e.g. exchange of certificate fingerprints or SAS
- Issues
   – Backwards compatibility
   – Deprecation of SAVP profile
   – Complexity in resulting SDP
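An added example, not part of the original slides, contrasting an RTP/SAVP offer with the second approach above (key management attributes on an AVP m= line) as seen by a legacy and a secure-capable answerer. The SDP offers, the key placeholder and the `negotiate` helper are constructed for illustration.

```python
# Constructed offers; addresses are documentation values and the inline
# key is a placeholder, not real key material.
SAVP_OFFER = """v=0
o=alice 1 1 IN IP4 192.0.2.1
s=-
c=IN IP4 192.0.2.1
t=0 0
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEY
"""
# Best-effort variant: same key attribute, but on a plain AVP media line.
BEST_EFFORT_OFFER = SAVP_OFFER.replace("RTP/SAVP", "RTP/AVP")

LEGACY = ({"RTP/AVP"}, set())                  # no SRTP support at all
SECURE = ({"RTP/AVP", "RTP/SAVP"}, {"crypto"})  # SRTP-capable answerer


def negotiate(offer, profiles, attrs_understood):
    """Answerer-side outcome for a one-stream offer: 'failed', 'rtp' or 'srtp'.

    profiles: RTP profiles the answerer implements.
    attrs_understood: a= attribute names it processes; any other
    attribute is silently ignored, as SDP parsers do for unknown ones.
    """
    profile, attrs = None, []
    for line in offer.splitlines():
        if line.startswith("m="):
            profile = line.split()[2]       # m=<media> <port> <proto> <fmt>
        elif line.startswith("a=") and profile:
            attrs.append(line[2:].split(":", 1)[0])
    if profile not in profiles:
        return "failed"                     # the profile itself is not negotiable
    if profile == "RTP/SAVP":
        return "srtp"
    keyed = any(a == "crypto" and a in attrs_understood for a in attrs)
    return "srtp" if keyed else "rtp"


if __name__ == "__main__":
    for name, offer in (("SAVP", SAVP_OFFER), ("best effort", BEST_EFFORT_OFFER)):
        for ua, caps in (("legacy", LEGACY), ("secure", SECURE)):
            print(f"{name:12} offer -> {ua} UA: {negotiate(offer, *caps)}")
```

Only the SAVP offer to the legacy answerer fails; the AVP offer degrades to plain RTP there and still yields SRTP with the capable answerer.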

In-band Discovery Mechanism
- In-band RTP approach
   – Used in ZRTP (draft-zimmermann-avt-zrtp-01.txt)
   – Fits nicely with in-path key management approaches that solve the other keying problems (early media, forking, clipping, etc.)
   – Can still utilize signaling for authentication
   – Can be supplemented by signaling discovery
- Issues
   – Encryption ability can be dependent on codec support
      Offer/answer exchange complete (codec selected) prior to encryption negotiation
      Codec could be renegotiated to allow encryption

In-Band Discovery
- “Secure Flag” encoded in RTP packets sent at the start of a media session
   – Can’t just start sending non-RTP packets on RTP ports without knowing the other UA is capable of demultiplexing (causes audio crashes)
   – Natural place for layering reasons if in-path key management is used
- Use the RTP Extension header field for proven backwards compatibility
   – Ignored by UAs that don’t understand it
   – Answered by UAs that do.

In-Band Discovery Flow
   1. Signaling Exchange
   2. RTP with secure flag
   3. Key Negotiation
   4. SRTP
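An added example, not part of the original slides, showing why a flag carried in the RTP extension header is backwards compatible: a receiver that only follows the RFC 3550 header layout skips the extension by its length field and still gets the audio. The extension identifier `SECURE_FLAG_ID` and the function names are hypothetical; the slides give no wire values.

```python
import struct

# Hypothetical 16-bit "defined by profile" value marking the secure flag;
# constructed placeholder, not taken from the slides or any draft.
SECURE_FLAG_ID = 0x5346

def build_rtp(seq, ts, ssrc, payload, ext=None):
    """Build an RTPv2 packet; ext is (ext_id, data) or None."""
    first = 0x80 | (0x10 if ext else 0)            # V=2, X bit when ext present
    pkt = struct.pack("!BBHII", first, 0, seq, ts, ssrc)   # PT 0 (PCMU)
    if ext:
        ext_id, data = ext
        data += b"\x00" * (-len(data) % 4)         # pad to whole 32-bit words
        pkt += struct.pack("!HH", ext_id, len(data) // 4) + data
    return pkt + payload

def parse_rtp(pkt):
    """Return (ext_id or None, ext_data, payload); ValueError if malformed."""
    if len(pkt) < 12 or pkt[0] >> 6 != 2:
        raise ValueError("not an RTPv2 packet")
    off = 12 + 4 * (pkt[0] & 0x0F)                 # fixed header + CSRC list
    ext_id, ext_data = None, b""
    if pkt[0] & 0x10:                              # X bit: extension follows
        if len(pkt) < off + 4:
            raise ValueError("truncated extension header")
        ext_id, words = struct.unpack_from("!HH", pkt, off)
        off += 4
        if len(pkt) < off + 4 * words:
            raise ValueError("extension length exceeds packet")
        ext_data = pkt[off:off + 4 * words]
        off += 4 * words
    return ext_id, ext_data, pkt[off:]

def legacy_receive(pkt):
    """UA without secure media: the extension is skipped, payload is played."""
    return parse_rtp(pkt)[2]

def secure_receive(pkt):
    """Best-effort UA: same payload, plus whether the peer set the flag."""
    ext_id, _, payload = parse_rtp(pkt)
    return payload, ext_id == SECURE_FLAG_ID

if __name__ == "__main__":
    audio = b"\xff" * 160                          # constructed 20 ms PCMU frame
    pkt = build_rtp(1, 160, 0x1234, audio, ext=(SECURE_FLAG_ID, b"\x01"))
    print(legacy_receive(pkt) == audio, secure_receive(pkt)[1])
```

The length checks in `parse_rtp` matter on the receiving side: the extension length comes from the network and must be bounded by the packet size before it is used as an offset.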

Signaling Secure Media After the Fact
- Any backwards compatible solution for Best Effort SRTP will involve initiating SRTP over a normal AVP m= media line
- Could indicate secure media in other ways:
   – a=srtp attribute
   – “issecure” feature tag (signaled with Contact URI)
- Or, a re-INVITE or UPDATE could be used to upgrade a media line from non-secure to secure.
   – SAVP m= line would be added and AVP m= line would be declined